The troubleshooting of hardware and software systems continues to be a complex and time-consuming endeavor. A change in the system can have a cascade effect that results in a chain of changes or events in the system. For auditing and reporting purposes, it is typically a requirement to identify the root cause of a change in the system, as well as identifying the effects of the change in the system. Without the ability to link related changes together, it is not possible to produce a cause-chain and identify the root cause of a change in the system. This becomes particularly concerning in an identity management system, for example, that inter alia identifies and authenticates service providers against phishing attacks.